
ISO 27001 & 22301 - Expert Advice Community


  • Get your management's approval

    What are the key points that one can address to help get the board to support BCM?
  • Protect utility programs

    I want to ask what we could write for this control (A.9.4.4) as a small IT company focused on software development, where everybody has full access and we are all members of the local administrators group.
  • Scope of ISO 27001 for a software project

    Ours is a small company which is planning to go for ISO 27001 certification. For a company to get ISO 27001 certified, can they go ahead and get only one software project ISO 27001 certified or do they have to get the full organization ISO 27001 certified? Please do let us know.
  • Personal computer in the Inventory of assets

    If an employee uses a personal computer in the company, must such equipment be included in the inventory of assets?
  • Auditor findings - Opportunities for improvement

    The final auditor's report has a lot of comments known as Opportunities for Improvement (OFI); some make sense to us and some do not. One of my advisers told me that if I don't do anything regarding these OFIs, the auditor will raise them as minor NCs in the next visit. Is that true, and do I have to do something?
  • Master list of documents

    I've received this question:
    After risk assessment and treatment, I come to find out that there is something called masterlist of documents. I would like to know much about it please. I am not clear about that.
    Answer:
    The master list of documents is not a mandatory document, but it can be very useful for the internal and external auditors, because they can identify what the organization has.
    The main objective of the master list is that the organization knows which documents exist in the ISMS. So, you need to identify all documents of your ISMS and then include them in the master list. For each document, list the name; you can also include the person responsible, the version number and the date of the last change.
    If you need to know the list of mandatory documents of the ISO 27001:2013, I recommend you this article “List of mandatory documents required by ISO 27001 (2013 revision)”: https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
  • Use of secret authentication information

    I have a query on one of the controls in the Annex, i.e. Use of secret authentication information (9.3.1). If the entity opts for the control, what is expected to be maintained as policy/procedure and as evidence?
  • Controls A.9.3.1 and A.11.2.8

    I have questions regarding the following controls: A.9.3.1 and A.11.2.8. I do not know in which cases I can use them.
  • Nonconformities and Potential Improvements

    Hello, we are now in the course of updating our ISMS documents to comply with the new version of ISO 27001:2013, and I need help regarding the corrective action procedure. In our current procedure, we manage both nonconformities and potential improvements, and according to the new version, potential nonconformities and preventive actions are no longer required. So how can we manage the potential improvements raised by employees, or raised during the internal audit, for example?
  • Differences in BCM between the 2005 and 2013 revisions of ISO 27001

    How must you update an integrated management system based on ISO 27001 from the 2005 to the 2013 version when you have BCM implemented? Do you have specific guidance for it that you can share with me?